Closed
Bug 1444394
Opened 7 years ago
Closed 6 years ago
[tracking] Remove Element::UnsafeSetInnerHTML
Categories
(Core :: DOM: Core & HTML, enhancement, P3)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla62
| Tracking | Status | |
|---|---|---|
| firefox62 | --- | fixed |
People
(Reporter: johannh, Assigned: johannh)
References
Details
(Keywords: meta)
Attachments
(1 file)
Bug 1432966 introduced the unsafeSetInnerHTML function to avoid dealing with all the cases where our sanitizer would have broken innerHTML functionality. We should track removing all those calls so that we can unship that function again and make it impossible to bypass the sanitizer.
|
||
Comment 1•6 years ago
|
||
Element::UnsafeSetInnerHTML also introduced the parameter |bool aNeverSanitize| in SetInnerHTMLInternal(). Please remember to remove this parameter as well. Source: https://searchfox.org/mozilla-central/rev/2aa42f2cab4a110edf21dd7281ac23a1ea8901f9/dom/base/FragmentOrElement.h#271-272
|
|
||
Comment 2•6 years ago
|
||
and aSanitize NeverSanitize etc. :P https://searchfox.org/mozilla-central/rev/2aa42f2cab4a110edf21dd7281ac23a1ea8901f9/dom/base/nsContentUtils.cpp#5062,5190
|
Assignee | |
Updated•6 years ago
|
Assignee: nobody → jhofmann
Status: NEW → ASSIGNED
| Comment hidden (mozreview-request) |
|
|
Assignee | |
Comment 4•6 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=304a76cc05afb9aa3db2b64b7ce289a160ec9441
|
||
Comment 5•6 years ago
|
||
| mozreview-review | ||
Comment on attachment 8981244 [details] Bug 1444394 - Remove Element::UnsafeSetInnerHTML. https://reviewboard.mozilla.org/r/247324/#review253386 \o/
Attachment #8981244 -
Flags: review?(kmaglione+bmo) → review+
|
||
Comment 6•6 years ago
|
||
| mozreview-review | ||
Comment on attachment 8981244 [details] Bug 1444394 - Remove Element::UnsafeSetInnerHTML. https://reviewboard.mozilla.org/r/247324/#review254160 ::: dom/base/nsContentUtils.h (Diff revision 1) > * > * @param aContextNode the node which is used to resolve namespaces > * @param aFragment the string which is parsed to a DocumentFragment > * @param aReturn the resulting fragment > * @param aPreventScriptExecution whether to mark scripts as already started > - * @param aSanitize whether the fragment should be sanitized prior to We should probably document that the fragment will be sanitized if aContextNode is system, right?
Attachment #8981244 -
Flags: review?(bzbarsky) → review+
| Comment hidden (mozreview-request) |
|
|
Assignee | |
Comment 8•6 years ago
|
||
| mozreview-review-reply | ||
Comment on attachment 8981244 [details] Bug 1444394 - Remove Element::UnsafeSetInnerHTML. https://reviewboard.mozilla.org/r/247324/#review254160 > We should probably document that the fragment will be sanitized if aContextNode is system, right? Good idea, thanks!!
Pushed by jhofmann@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/4cab0dc8b7d9 Remove Element::UnsafeSetInnerHTML. r=bz,kmag
|
||
Comment 10•6 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/4cab0dc8b7d9
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
status-firefox62:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla62
|
||
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•